How to move a SSL Certificate from Server to Server?
Webmasters and web hosts often have concerns moving domain accounts from server to server when a SSL certificate is involved. Sometimes you hear concerns about the static IP addresses involved and that they won’t match on a new server naturally. Another concern is if the cert requests and keys have been displaced and how to get them back. We recently had to move domain accounts that included a SSL certificate move from server to server and recorded the steps involved here is our little guide of how to move a SSL certificate from server to server. Please be aware that all our servers are cPanel servers.
Prerequisites: To reduce the risk of failure when moving a SSL certificate both server environments should match as much as possible. So, having the exact same versions of PHP, MySQL, and Apache should be the minimum. Matching versions of PHP and MySQL is just a precaution. For a server to server migration we just felt more comfortable with having them on the exact same level on both servers. The operating system does not need to match. In our case we moved the domain from Linux Red Hat ES 3.0 (Intel CPU) to Red Hat ES 4.0 (AMD CPU).
1) Move the domain account with cPanel/WHM "Copy an account from another server with account password" functionality. Once the account move is completed assign a new static IP address of your choice to this account. You can do this during the domain move already. We preferred to do it manually afterwards.
2) On the source server go into WHM and select "SSL Manager" under "SSL/TLS" (See screenshot).
Find the domain with the SSL certificate. Your screen output should look like this (screenshot).
3) Click on the little Floppy Disk icon for the key and the crt piece and copy the output (see sample screenshot) into notepad.
4) Go into WHM on the destination server and select "Install a SSL Certificate and Setup the Domain" (see screenshot).
5) Copy and paste the crt and key output from the source server into the appropriate fields of the screen. Also add the SSL domain name (including sub domain if that is the actual URL), the account user name and the static IP address to the form fields. Once done, click on "Do it". The certificate is now being installed Apache is restarted automatically. If all goes well, you are now done. Go the SSL URL of the domain and test it.
6) In our case the cPanel/WHM move did not create the sub domain for the SSL URL. We had to go into cPanel of the account and recreate the sub domain. Once that was done everything worked as before on the old server.